System and Method for Restricting System and Application Software Available for Installation on a Managed Mobile Device

ABSTRACT

A method for managing software on a device is provided. The method comprises: receiving, from a third party associated with the device, by a software administrator of an organization different from the third party, release information regarding software versions for the device; creating, by the software administrator, a profile that specifies whether or not at least one of the software versions is allowed on the device; and transmitting the profile, by the software administrator to a server computer associated with the third or other parties, to promote enforcement of the profile for the device.

CROSS REFERENCE TO RELATED APPLICATION

This is a continuation of U.S. application Ser. No. 16/535,614, filed Aug. 8, 2019, which is a continuation of U.S. application Ser. No. 14/632,939, filed Feb. 26, 2015, U.S. Pat. No. 10,379,829, which are both hereby incorporated by reference in their entirety.

BACKGROUND

As used herein, the terms “mobile device”, “device”, “user equipment”, “UE”, and the like may refer to easily transportable devices such as mobile telephones, personal digital assistants, handheld or laptop computers, and similar devices that have telecommunications capabilities. Such terms may also refer to devices that have similar capabilities but that are not transportable, such as fixed line telephones, desktop computers, or set-top boxes. In many cases, such devices may be manufactured by a first entity and then deployed for use by a second entity. For example, an electronics manufacturer may manufacture a mobile telephone, and a telecommunications service provider may manage the services available through the device. Such a manufacturer may be referred to herein as a device provider, and such a telecommunications service provider may be referred to herein as a service provider.

Operating system software, communications-related software, application-related software, and other software used by such devices may be upgraded or otherwise modified from time to time. The device provider, the service provider, or some other entity may make the modified software available to the device users, and the users may choose to install the modified software on their devices. Such modifications may be referred to as updates, new versions, new releases, new builds, or similar terms. Hereinafter, any such modified software will be referred to as a version of the software or a software version or simply a version.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of this disclosure, reference is now made to the following brief description, taken in connection with the accompanying drawings and detailed description, wherein like reference numerals represent like parts.

FIG. 1 is a block diagram of a system for managing software according to an embodiment of the disclosure.

FIG. 2 is a block diagram of a system for managing software without passing software-related information through a device according to an embodiment of the disclosure.

FIG. 3 is a block diagram of a system for managing software when an internet connection is not available according to an embodiment of the disclosure.

FIG. 4 illustrates a graphical user interface that may be used by an administrator of a system for managing software according to an embodiment of the disclosure.

FIG. 5 is a simplified block diagram of an exemplary network element according to one embodiment.

FIG. 6 is a block diagram with an example user equipment capable of being used with the systems and methods in the embodiments described herein.

FIG. 7 illustrates a processor and related components suitable for implementing the several embodiments of the present disclosure.

DETAILED DESCRIPTION

It should be understood at the outset that although illustrative implementations of one or more embodiments of the present disclosure are provided below, the disclosed systems and/or methods may be implemented using any number of techniques, whether currently known or in existence. The disclosure should in no way be limited to the illustrative implementations, drawings, and techniques illustrated below, including the exemplary designs and implementations illustrated and described herein, but may be modified within the scope of the appended claims along with their full scope of equivalents.

A business, a government agency, or some other type of enterprise or organization may provide persons under its management with a mobile device for use in conducting the organization's activities or may otherwise manage the devices used by those persons. When an organization manages a large number of devices, the organization may employ an administrator to oversee the usage of the devices, particularly in cases where the devices may have access to the organization's data resources. The administrator may be an individual or a group that ensures that the hardware and software on the devices are up to date, that only authorized devices are allowed access to the organization's data resources, and that the devices are otherwise being used in accordance with the organization's policies. For example, when a new software version becomes available, such as by a device provider or a service provider, for one or more of the devices managed by the administrator, the administrator may oversee the installation of the new version on the appropriate devices.

An organization that manages a large number of devices may not necessarily want to accept every new software version that becomes available for every device. For example, a government agency or an organization in a highly regulated industry may have strict security requirements and may perform its own internal certification procedures to determine the mobile device software that may be installed on the devices it manages. Such an organization may wish to perform additional testing of the versions or perform other actions to ensure that the versions meet the standards of the organization. The organization may also wish to allow a new software version for some devices and not for other devices or may wish to allow only certain versions within a suite of available versions. Also, an organization may modify, for example, open source software to suit its needs. If a provider of open source software updates the software that an organization had previously modified, the organization may wish to delay installing the updated software until the organization ensures that the updated software is compatible with the modifications the organization made to the previous version of the open source software.

A device provider or a service provider may have control over which software versions are installed on devices manufactured or deployed by the device provider or service provider. However, a third-party administrator who is not managed by a device provider or a service provider typically must accept all available updates or none at all. As discussed above, it may be desirable for such an administrator to have the capability to determine which versions among a set of available versions are to be installed on the devices the administrator manages.

Embodiments of the present disclosure allow an organization's administrator who is not under the management of a device provider or a service provider to view a plurality of software versions available for devices under the control of the administrator. The administrator may then specify which of the available versions are allowed to be installed on which devices and/or which of the available versions are prohibited from being installed on which devices. Such a specification may apply to a single device, a group of devices, a single device user, a group of device users, or to some combination of devices and users.

It should be understood that only one version of a particular unit of software is typically installed on a device at a given time. For example, version 10.1 and version 10.2 of a web browser would typically not be installed on the same device at the same time. However, multiple different units of software may be installed on a device simultaneously, such as a web browser, an email program, a calendar program, and other applications, each of which may have its own version number. Therefore, when mention is made herein to a software version or software versions being available to a device, it should be understood that the version or versions may be a version for a single unit of software or multiple different versions, each for a different unit of software.

The information regarding which software versions are currently available for devices under the control of an administrator may be referred to herein as release information. The relevant characteristics of the devices and device users under the control of an administrator and the software version restrictions and allowances that may pertain to those devices and users may be referred to herein as user and device data.

FIG. 1 illustrates an embodiment of release information and user and device data being used to determine the software versions that may be allowed or not allowed to be installed on one or more devices. A software management entity 110 may be a software vendor or some other entity that makes software versions available, such as a device provider or a service provider. The software management entity 110 may manage a software loading service 112 that controls the installation of software versions. While the software loading service 112 is depicted within the software management entity 110, the software loading service 112 or a similar component may exist remotely from the software management entity 110. The software loading service 112 may include a software catalog 114 that lists all software versions available for installation by the software management entity 110. The software in the software catalog 114 may be organized according to device type or model such that, for a given device type or model, only the software relevant to that device type or model is listed in the software catalog 114. While the software catalog 114 is depicted within the software loading service 112, the software catalog 114 may exist remotely from the software loading service 112.

A server computer 122 or similar component may be present at a customer site 120, wherein the customer that manages the customer site 120 may be an organization that manages a large number of devices, as described above. Alternatively, the server 122 may be available to a customer via a network. Alternatively, the server 122 may be located at a site managed by the software management entity 110 and may be under the control of the software management entity 110. In some embodiments, the software management entity 110 and the customer that manages the customer site 120 may be the same entity, and in other embodiments, the software management entity 110 and the customer that manages the customer site 120 may be different entities.

In an embodiment, the software loading service 112 sends release information to the server 122, as shown at arrow 1. The release information may list all or a portion of the software versions currently available in the software catalog 114. More specifically, the release information may specify a set of software versions that are allowed or not allowed to be installed on one or more devices 140. The set of software versions may include a single software version, a single continuous range of software versions from a minimum version number to a maximum version number, multiple ranges of software versions with one or more exceptions between the ranges, multiple non-continuous software versions, or some other combination of software versions. When the release information specifies the software versions that are allowed to be installed on the device 140, software versions that are not listed in the release information may not be installed on the device 140. Alternatively or additionally, the release information may explicitly specify one or more software versions that are not allowed to be installed on the device 140.

The set of software versions listed in the release information may be determined based on one or more attributes of the devices 140 on which the software versions may be installed. For example, the set of software versions listed in the release information may be determined based on the hardware characteristics of the devices 140, such as model type, processing capability, memory capacity, or antenna configuration; on the software characteristics of the devices 140, such as the operating system version or other software already installed on the device 140; on the radio access technology or radio access network used by the device 140, such as 3G, 4G, LTE, WiFi, CDMA, GSM, GERAN, UTRAN, or E-UTRAN; and/or on other known attributes of the device 140. Such attributes may be taken into consideration in determining the software versions that are applicable to a given device 140, and only those versions that are applicable may be listed in the release information for that device 140.

In an embodiment, the software loading service 112 may send the release information to the server 122 in response to a request from the server 122 for information about available software versions. The server 122 may send such a request in response to a request from an administrator 130. Alternatively, the sending of the release information from the software loading service 112 to the server 122 may be triggered in some other manner.

At arrow 2, the server 122 stores the release information in a database 124 or a similar data storage component so that when the release information is needed, the release information can be quickly retrieved from the database 124 rather than being received from the software loading service 112.

An administrator 130 may oversee the installation of software on one or more devices 140. Although only one device is shown in FIG. 1, the administrator 130 may oversee a plurality of devices 140, and any discussion herein regarding a single device 140 may apply as well to multiple devices 140. In an embodiment, the administrator 130 is not under the management or control of the software management entity 110 or the customer that manages the customer site 120. Therefore, the administrator 130 has no control or input regarding which software versions are made available by the software loading service 112 in the form of the release information. Instead, the administrator 130 may view the software versions that are made available by the software loading service 112 and select which of the versions are allowed or not allowed to be installed on which of the devices 140. The administrator 130 may be separated from the server 122 by a firewall 150 or a similar security component.

The administrator 130 may have access to user and device data 160 that describes the characteristics of the devices 140 that the administrator 130 manages and the users of those devices 140. That is, the user and device data 160 may list any characteristics of the devices 140 or users that may affect which software is applicable to those devices 140 or users. The user and device data 160 may be organized according to device models and/or service providers such that any characteristics common to a particular device model and/or any characteristics common to a particular service provider are associated with the appropriate model or service provider. While the administrator 130 is depicted as having direct access to the user and device data 160, the user and device data 160 may be located at the software management entity 110, on the server 122, or in some other location.

In an embodiment, the administrator 130 may request release information from the server 122. That is, the administrator 130 may send a message to the server 122 asking the server 122 to provide information regarding the set of versions of software available for installation on one or more devices 140. As described above, the server 122 may have previously received such information from the software loading service 112 and may have stored that information in the database 124. At arrow 3, the server 122 retrieves the release information from the database 124, and at arrow 4, the server 122 sends the release information to the administrator 130.

In an embodiment, the administrator 130 may then use the release information and the user and device data 160 to create a profile for one or more devices 140 and/or device users. The profile may specify which software versions are allowed to be installed on which devices 140 and/or which software versions are prohibited from being installed on which devices 140. The specification may include a minimum release number and a maximum release number for the software versions that are allowed or not allowed on the device 140; a blacklist and/or whitelist of software versions that are prohibited or allowed on the device 140; any overrides or exceptions that may apply to the minimum release number, maximum release number, blacklist and/or whitelist; and/or any other combination of versions as described above with regard to the release information. A profile may be assigned to individual devices or users, to groups of devices or users, or globally to all devices or users in an organization. As discussed in more detail below, a plurality of profiles may be created for a device 140 or a group of devices 140, and the profiles may be ranked according to their precedence. One of the profiles may be designated as the default profile for one or more devices 140.

In an embodiment, the administrator 130 may determine the software versions to be included in the profile for one or more devices 140 based at least partially on the above-described attributes for the devices 140, such as hardware characteristics, software characteristics, radio access technology, and/or radio access network. Additionally or alternatively, the administrator 130 may specify in the profile one or more conditions under which one or more software versions included in the profile are to be applied to a device 140. For example, the administrator 130 may specify that a particular version is to be applied only at a particular time, such as a time of day or a day of the week. Additionally or alternatively, the administrator 130 may specify that a particular version is to be applied based on the location of the device 140. For instance, the administrator 130 may specify that a first version is to be applied if the device 140 is in use in a first country and a second version is to be applied if the device 140 is in use in a second country, or that a particular version is to be applied only if the device 140 is in use in a particular region, or that a particular version may not be applied if the device 140 is in use in a particular region, or that a particular version is to be applied based on some other location-based parameter related to the device 140. Additionally or alternatively, the administrator 130 may specify that a particular version is to be applied based on the roaming status of the device 140. Additionally or alternatively, the administrator 130 may specify that a particular version is to be applied based on the amount of memory currently available on the device 140. Additionally or alternatively, the administrator 130 may specify that the most recent software versions available to the device 140 are to be mandatorily installed on the device 140. As used herein, terms such as “applying a version” and the like may refer to installing a version or following a rule that prohibits the installation of a version.

As shown at arrow 5, after creating one or more profiles, the administrator 130 may then send the profile information to the server 122. The sending of the profile information to the server 122 may promote the eventual enforcement of the profile on the device 140 to which the profile pertains, where enforcement may include allowing installation of a software version listed in the profile, preventing installation of a software version listed in the profile, providing an alert that a software version listed in the profile is available for installation, and/or providing an alert that a software version listed in the profile is not available for installation. Such an alert may be sent to the device 140 or to some other component.

At arrow 6, the server 122 may store the profile information in the database 124 for future use. The server 122 may then use the information in the profile to create a payload that specifies the restrictions and/or allowances that pertain to the software for a specific device 140 or group of devices 140. The payload may be an Extensible Markup Language (XML) document or other file into which the server 122 has converted the profile information. At arrow 7, the server 122 sends the payload to the device 140. The server 122 may also store the payload in the database 124.

In some cases, multiple profiles may pertain to a single device. For example, all devices within a group of devices may be given a first profile that allows software up to and including a first version number to be installed on the devices. A number of users of the devices in that group may be beta testers who are testing a version of the software with a later version number than the first version number. The devices of those users may be given a second profile that allows the software with the later version number to be installed on those devices.

In an embodiment, when multiple profiles pertain to a single device, the server 122 may perform a reconciliation procedure to determine which of the profiles is to be enforced on the device at a given time. The reconciliation procedure may be based on a ranking of the profiles that specifies which profiles are to take precedence over others. The server 122 may then include the appropriate profile information in the payload.

In an embodiment, after receiving the payload, the device 140 may act as a pass-through and, at arrow 8, send the specific software version policy information that pertains to itself, as specified in the payload, to the software loading service 112. The software loading service 112 may then use the device-specific profile information to determine the software versions that may be installed on the device 140 or may be prohibited from being installed on the device 140. At arrow 9, the software loading service 112 sends the device 140 the versions that are to be installed on the device 140.

In some cases, it may be preferable not to use the device 140 as a pass-through for the payload. Such an embodiment is illustrated in FIG. 2. In this case, it may not be possible to create a payload that is specific to a particular device 140. Instead, an entire profile containing software version policy information for a plurality of devices 140 may be sent directly from the server 122 to one or more web service application programming interfaces (APIs) 116 within or available to the software loading service 112, as shown at arrow 7. The software loading service 112 may then receive the profile from the APIs 116 and use the profile information to determine how the profile is enforced. That is, the software loading service 112 may determine which software versions are allowed to be installed on which devices 140 and/or which software versions are prohibited from being installed on which devices 140.

In some cases, the customer site 120 may not have an internet connection via which the server 122 can receive the release information from the software loading service 112. Such an embodiment is illustrated in FIG. 3. In such so-called “dark site” cases, the customer that manages the customer site 120 may be willing to accept incoming data transmitted from the administrator 130 but may not allow outgoing data to be transmitted to the administrator 130. The administrator 130 may receive the release information from the software loading service 112, as shown at arrow 1. The administrator 130 may then use the received release information and the available user and device data 160 to create one or more profiles as described above. The administrator 130 may then transmit the release information and the profile information to the server 122, as shown at arrows 2 and 3. As an example, the administrator may export a file from the software loading service 112 and import the file into the server 122. The server 122 may then create a payload and send the payload to the device 140 as described above. Since the server 122 has no internet connection in this case, the payload may be sent to the software loading service 112 via the device 140 rather than through a web service API. The server 122 may communicate with the device 140 via WiFi or a similar communication protocol.

The components described above for controlling the software versions that are applied to devices may also be used to determine whether a device is in compliance with the software version policies specified for the device. Returning to FIG. 1 as an example, the server 122 may know the profile assigned to the device 140 and the software installed on the device 140. Therefore, the server 122 can compare the software that the profile allows to be installed on the device 140 to the software that is actually installed on the device 140 and determine if the device 140 is in compliance with its profile. For example, the profile may specify that operating system software only within the range of version 10.2 to 10.4 is allowed to be installed on the device 140. If the server 122 determines that version 10.1 is installed on the device 140, the server may determine that the device 140 is out of compliance with its profile. In other embodiments, an entity other than the server 122 may make such a comparison and determination.
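The following sketch is an added illustration, not code from the patent. It models the profile specification (minimum and maximum release, prohibited versions, exceptions), the rank-based reconciliation of multiple profiles, and the compliance comparison described above. All class and function names are hypothetical, and three behaviors are assumptions: a lower rank number takes precedence, an explicit prohibition outranks an exception, and an unparseable installed version is treated as non-compliant.

```python
from dataclasses import dataclass
from typing import Optional


def parse_version(text: str) -> tuple:
    """Parse '10.2.1' into (10, 2, 1); trailing zeros drop so 10.4 == 10.4.0."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


@dataclass(frozen=True)
class Profile:
    name: str
    rank: int                            # assumption: lower number takes precedence
    minimum: Optional[str] = None        # None leaves the lower bound open
    maximum: Optional[str] = None        # None leaves the upper bound open
    blocked: frozenset = frozenset()     # versions prohibited outright
    exceptions: frozenset = frozenset()  # versions allowed despite the range

    def permits(self, version: str) -> bool:
        v = parse_version(version)
        # Assumed order: explicit prohibition, then exceptions, then the range.
        if v in {parse_version(b) for b in self.blocked}:
            return False
        if v in {parse_version(e) for e in self.exceptions}:
            return True
        if self.minimum is not None and v < parse_version(self.minimum):
            return False
        if self.maximum is not None and v > parse_version(self.maximum):
            return False
        return True


def reconcile(profiles):
    """Pick the single profile to enforce when several pertain to one device."""
    if not profiles:
        raise ValueError("no profile assigned to device")
    best = min(p.rank for p in profiles)
    winners = [p for p in profiles if p.rank == best]
    if len(winners) != 1:
        # Refuse to guess: an ambiguous ranking is an administrator error.
        raise ValueError(f"ambiguous ranking at rank {best}")
    return winners[0]


def visible_versions(profile, catalog):
    """Catalog versions the device may see under the enforced profile."""
    return [v for v in catalog if profile.permits(v)]


def check_compliance(profiles, installed):
    """Return (compliant, enforced_profile_name) for an installed version."""
    profile = reconcile(profiles)
    try:
        compliant = profile.permits(installed)
    except ValueError:
        compliant = False  # unparseable version string: fail closed
    return compliant, profile.name


# Constructed sample data (not from the patent).
CATALOG = ["10.1", "10.2", "10.2.1", "10.3", "10.3.1", "10.4", "10.5"]
FLEET = Profile("fleet-default", rank=10, minimum="10.2", maximum="10.4")
BETA = Profile("beta-testers", rank=1, minimum="10.2",
               blocked=frozenset({"10.3"}))

if __name__ == "__main__":
    print(check_compliance([FLEET], "10.1"))
    print(check_compliance([FLEET, BETA], "10.5"))
    print(visible_versions(BETA, CATALOG))
```

The first call reproduces the 10.2 to 10.4 range with 10.1 installed from the paragraph above; the beta profile shows an open upper bound taking precedence over the fleet-wide range.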

In an embodiment, if the device 140 is found to be out of compliance, one or more actions may occur. For example, the server 122 may notify the administrator 130 and/or the user of the device 140 of the lack of compliance. The administrator 130 and/or the user of the device 140 may then take appropriate actions to ensure compliance with the profile. Alternatively or additionally, if the device 140 is found to be out of compliance, one or more actions may be taken to impair the functioning of the device 140 in some way. For example, the device 140 may be prevented from connecting to a network, one or more applications on the device 140 may be prevented from executing, the device 140 may be switched off, or some other action may be taken to affect the functionality of the device 140.

FIG. 4 illustrates a graphical user interface 410 that may be used by an administrator in creating profiles and managing software versions. The interface 410 may include a field 412 in which the administrator may enter a profile name and a field 414 in which the administrator may enter a profile description. A check box 416 or a similar input mechanism may allow the administrator to specify that an upgrade to the most recent available version should be forced for a given device or carrier. That is, the administrator may check the check box 416 to specify that the most recent software versions available to a device are to be mandatorily installed on the device, as described above.

A first dropdown box 418 or a similar input mechanism may allow the administrator to specify the minimum version number for a unit of software to be applied to a device, and a second dropdown box 420 or a similar input mechanism may allow the administrator to specify the maximum version number for that unit of software. That is, the administrator may use the dropdown boxes 418 and 420 and/or other similar input mechanisms to specify a set of software versions allowed or not allowed to be installed on the device. As described above, the specification may be based on hardware characteristics of the device, software characteristics of the device, a radio access technology or radio access network used by the device, a time or location associated with the device, a roaming status of the device, an amount of memory currently available on the device, and/or other attributes associated with the device.

As an example, the administrator may use the dropdown boxes 418 and 420 to create a profile that may contain an open upper bound in a range, such as 10.2.1 or higher. This means that the device can see version 10.2.1 and any versions of the software that are later than 10.2.1, including any new releases that are made available at a future time. Conversely, if the range is 10.2.1 to 10.3.1, this may mean that a software update is initially available in this range but it may also mean that updates outside the range are not seen. So software that may otherwise be publicly available may not be available to the device with this policy.

In an embodiment, the administrator may use the interface 410 to specify a model number or other identifier for one or more devices for which a profile is being created. The dropdown boxes 418 and 420 and/or other input or output mechanisms in the interface 410 may then display only the software versions that pertain to that device model.

A data entry field 422 may allow the administrator to specify any exceptions or overrides that are to be made to the information entered elsewhere in the interface 410. The values that appear in the dropdown boxes 418 and 420, the data entry field 422, and/or other input or output mechanisms in the interface 410 may be populated from data in the software catalog 114 of FIGS. 1, 2, and 3. One of skill in the art may recognize that other fields may be present in the interface 410 to assist an administrator in creating a profile for one or more devices. When the administrator has entered information into the interface 410, the information from the interface 410 may then be processed to generate the profile information that the administrator may then send to the server 122 of FIGS. 1, 2, and 3.

After creating a profile for one or more devices in such a manner, the administrator may then return to the interface 410, create another profile for the same device or group of devices or for another device or group of devices, and send that profile to the server 122. Alternatively, the administrator may create a plurality of profiles in the interface 410 and then send all of the profiles to the server 122 in a batch. The administrator may continue such a procedure until all profiles have been created for all devices for which the administrator wishes to create a profile.

The above may be implemented by a network element. A simplified network element is shown with regard to FIG. 5. In FIG. 5, network element 3110 includes a processor 3120 and a communications subsystem 3130, where the processor 3120 and communications subsystem 3130 cooperate to perform the methods described above.

Further, the above may be implemented by a UE. An example of a UE is described below with regard to FIG. 6. UE 3200 may comprise a two-way wireless communication device having voice and data communication capabilities. In some embodiments, voice communication capabilities are optional. The UE 3200 generally has the capability to communicate with other computer systems on the Internet. Depending on the exact functionality provided, the UE 3200 may be referred to as a data messaging device, a two-way pager, a wireless e-mail device, a cellular telephone with data messaging capabilities, a wireless Internet appliance, a wireless device, a smart phone, a mobile device, or a data communication device, as examples.

Where the UE 3200 is enabled for two-way communication, it may incorporate a communication subsystem 3211, including a receiver 3212 and a transmitter 3214, as well as associated components such as one or more antenna elements 3216 and 3218, local oscillators (LOs) 3213, and a processing module such as a digital signal processor (DSP) 3220. The particular design of the communication subsystem 3211 may be dependent upon the communication network in which the UE 3200 is intended to operate.

Network access requirements may also vary depending upon the type of network 3219. In some networks, network access is associated with a subscriber or user of the UE 3200. The UE 3200 may require a removable user identity module (RUIM) or a subscriber identity module (SIM) card in order to operate on a network. The SIM/RUIM interface 3244 is typically similar to a card slot into which a SIM/RUIM card may be inserted. The SIM/RUIM card may have memory and may hold many key configurations 3251 and other information 3253, such as identification and subscriber-related information.

When required network registration or activation procedures have been completed, the UE 3200 may send and receive communication signals over the network 3219. As illustrated, the network 3219 may consist of multiple base stations communicating with the UE 3200.

Signals received by antenna 3216 through communication network 3219 are input to receiver 3212, which may perform such common receiver functions as signal amplification, frequency down conversion, filtering, channel selection, and the like. Analog to digital (A/D) conversion of a received signal allows more complex communication functions, such as demodulation and decoding to be performed in the DSP 3220. In a similar manner, signals to be transmitted are processed, including modulation and encoding for example, by DSP 3220 and are input to transmitter 3214 for digital to analog (D/A) conversion, frequency up conversion, filtering, amplification, and transmission over the communication network 3219 via antenna 3218. DSP 3220 not only processes communication signals but also provides for receiver and transmitter control. For example, the gains applied to communication signals in receiver 3212 and transmitter 3214 may be adaptively controlled through automatic gain control algorithms implemented in DSP 3220.

The UE 3200 generally includes a processor 3238 which controls the overall operation of the device. Communication functions, including data and voice communications, are performed through communication subsystem 3211. Processor 3238 also interacts with further device subsystems such as the display 3222, flash memory 3224, random access memory (RAM) 3226, auxiliary input/output (I/O) subsystems 3228, serial port 3230, one or more keyboards or keypads 3232, speaker 3234, microphone 3236, other communication subsystem 3240 such as a short-range communications subsystem, and any other device subsystems generally designated as 3242. Serial port 3230 may include a USB port or other port currently known or developed in the future.

Some of the illustrated subsystems perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions. Notably, some subsystems, such as keyboard 3232 and display 3222, for example, may be used for both communication-related functions, such as entering a text message for transmission over a communication network, and device-resident functions, such as a calculator or task list.

Operating system software used by the processor 3238 may be stored in a persistent store such as flash memory 3224, which may instead be a read-only memory (ROM) or similar storage element (not shown). The operating system, specific device applications, or parts thereof, may be temporarily loaded into a volatile memory such as RAM 3226. Received communication signals may also be stored in RAM 3226.

As shown, flash memory 3224 may be segregated into different areas for both computer programs 3258 and program data storage 3250, 3252, 3254 and 3256. These different storage types indicate that each program may allocate a portion of flash memory 3224 for their own data storage requirements. Processor 3238, in addition to its operating system functions, may enable execution of software applications on the UE 3200. A predetermined set of applications that control basic operations, including at least data and voice communication applications for example, may typically be installed on the UE 3200 during manufacturing. Other applications may be installed subsequently or dynamically.

Applications and software may be stored on any computer-readable storage medium. The computer-readable storage medium may be tangible or in a transitory/non-transitory medium such as optical (e.g., CD, DVD, etc.), magnetic (e.g., tape), or other memory currently known or developed in the future.

One software application may be a personal information manager (PIM) application having the ability to organize and manage data items relating to the user of the UE 3200 such as, but not limited to, e-mail, calendar events, voice mails, appointments, and task items. One or more memory stores may be available on the UE 3200 to facilitate storage of PIM data items. Such a PIM application may have the ability to send and receive data items via the wireless network 3219. Further applications may also be loaded onto the UE 3200 through the network 3219, an auxiliary I/O subsystem 3228, serial port 3230, short-range communications subsystem 3240, or any other suitable subsystem 3242, and installed by a user in the RAM 3226 or a non-volatile store (not shown) for execution by the processor 3238. Such flexibility in application installation may increase the functionality of the UE 3200 and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the UE 3200.

In a data communication mode, a received signal such as a text message or web page download may be processed by the communication subsystem 3211 and input to the processor 3238, which may further process the received signal for output to the display 3222, or alternatively to an auxiliary I/O device 3228.

A user of the UE 3200 may also compose data items, such as email messages for example, using the keyboard 3232, which may be a complete alphanumeric keyboard or telephone-type keypad, among others, in conjunction with the display 3222 and possibly an auxiliary I/O device 3228. Such composed items may then be transmitted over a communication network through the communication subsystem 3211.

For voice communications, overall operation of the UE 3200 is similar, except that received signals may typically be output to a speaker 3234 and signals for transmission may be generated by a microphone 3236. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the UE 3200. Although voice or audio signal output may be accomplished primarily through the speaker 3234, display 3222 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call-related information, for example.

Serial port 3230 may be implemented in a personal digital assistant (PDA)-type device for which synchronization with a user's desktop computer (not shown) may be desirable, but such a port is an optional device component. Such a port 3230 may enable a user to set preferences through an external device or software application and may extend the capabilities of the UE 3200 by providing for information or software downloads to the UE 3200 other than through a wireless communication network. The alternate download path may, for example, be used to load an encryption key onto the UE 3200 through a direct and thus reliable and trusted connection to thereby enable secure device communication. Serial port 3230 may further be used to connect the device to a computer to act as a modem.

Other communications subsystems 3240, such as a short-range communications subsystem, are further optional components which may provide for communication between the UE 3200 and different systems or devices, which need not necessarily be similar devices. For example, the subsystem 3240 may include an infrared device and associated circuits and components or a Bluetooth™ communication module to provide for communication with similarly enabled systems and devices. Subsystem 3240 may further include non-cellular communications such as WiFi, WiMAX, near field communication (NFC), and/or radio frequency identification (RFID). The other communications element 3240 may also be used to communicate with auxiliary devices such as tablet displays, keyboards or projectors.

The UE and other components described above might include a processing component that is capable of executing instructions related to the actions described above. FIG. 7 illustrates an example of a system 3300 that includes a processing component 3310 suitable for implementing one or more embodiments disclosed herein. In addition to the processor 3310 (which may be referred to as a central processor unit or CPU), the system 3300 might include network connectivity devices 3320, random access memory (RAM) 3330, read only memory (ROM) 3340, secondary storage 3350, and input/output (I/O) devices 3360. These components might communicate with one another via a bus 3370. In some cases, some of these components may not be present or may be combined in various combinations with one another or with other components not shown. These components might be located in a single physical entity or in more than one physical entity. Any actions described herein as being taken by the processor 3310 might be taken by the processor 3310 alone or by the processor 3310 in conjunction with one or more components shown or not shown in the drawing, such as a digital signal processor (DSP) 3380. Although the DSP 3380 is shown as a separate component, the DSP 3380 might be incorporated into the processor 3310.

The processor 3310 executes instructions, codes, computer programs, or scripts that it might access from the network connectivity devices 3320, RAM 3330, ROM 3340, or secondary storage 3350 (which might include various disk-based systems such as hard disk, floppy disk, or optical disk). While only one CPU 3310 is shown, multiple processors may be present. Thus, while instructions may be discussed as being executed by a processor, the instructions may be executed simultaneously, serially, or otherwise by one or multiple processors. The processor 3310 may be implemented as one or more CPU chips.

The network connectivity devices 3320 may take the form of modems, modem banks, Ethernet devices, universal serial bus (USB) interface devices, serial interfaces, token ring devices, fiber distributed data interface (FDDI) devices, wireless local area network (WLAN) devices, radio transceiver devices such as code division multiple access (CDMA) devices, global system for mobile communications (GSM) radio transceiver devices, universal mobile telecommunications system (UMTS) radio transceiver devices, long term evolution (LTE) radio transceiver devices, worldwide interoperability for microwave access (WiMAX) devices, and/or other well-known devices for connecting to networks. These network connectivity devices 3320 may enable the processor 3310 to communicate with the Internet or one or more telecommunications networks or other networks from which the processor 3310 might receive information or to which the processor 3310 might output information. The network connectivity devices 3320 might also include one or more transceiver components 3325 capable of transmitting and/or receiving data wirelessly.

The RAM 3330 might be used to store volatile data and perhaps to store instructions that are executed by the processor 3310. The ROM 3340 is a non-volatile memory device that typically has a smaller memory capacity than the memory capacity of the secondary storage 3350. ROM 3340 might be used to store instructions and perhaps data that are read during execution of the instructions. Access to both RAM 3330 and ROM 3340 is typically faster than to secondary storage 3350. The secondary storage 3350 is typically comprised of one or more disk drives or tape drives and might be used for non-volatile storage of data or as an over-flow data storage device if RAM 3330 is not large enough to hold all working data. Secondary storage 3350 may be used to store programs that are loaded into RAM 3330 when such programs are selected for execution.

The I/O devices 3360 may include liquid crystal displays (LCDs), touch screen displays, keyboards, keypads, switches, dials, mice, track balls, voice recognizers, card readers, paper tape readers, printers, video monitors, or other well-known input/output devices. Also, the transceiver 3325 might be considered to be a component of the I/O devices 3360 instead of or in addition to being a component of the network connectivity devices 3320.

In an embodiment, a method for managing software on a device is provided. The method comprises: receiving, from a third party associated with the device, by a software administrator of an organization different from the third party, release information regarding software versions for the device; creating, by the software administrator, a profile that specifies whether or not at least one of the software versions is allowed on the device; and transmitting the profile, by the software administrator to a server computer associated with the third or other parties, to promote enforcement of the profile for the device.

In another embodiment, another method for managing software on a device is provided. The method comprises: receiving, by a server computer under exclusive control of a third party, from a software loading service, release information regarding software versions for the device; transmitting, by the server computer to a software administrator of an organization different from the third party, the release information; receiving, by the server computer from the software administrator, at least one profile that specifies whether at least one of the software versions is allowed on the device or is prohibited on the device; and transmitting, by the server computer to the software loading service, information regarding a specified software version that is allowed on the device or is prohibited on the device, thereby causing the software loading service to make the specified software version available for installation on the device.

In another embodiment, a server computer is provided. The server computer comprises a memory and a processor. The processor is configured such that the server computer receives, from a software loading service, release information regarding software versions for a mobile device; further configured such that the server computer stores the release information to the memory; further configured such that the server computer transmits, to a software administrator of an organization different from the third party, the release information; further configured such that the server computer receives, from the software administrator, at least one profile that specifies whether at least one of the software versions is allowed on the device or is prohibited on the device; and further configured such that the server computer transmits to the software loading service information regarding a specified software version that is allowed on the device or is prohibited on the device, thereby causing the software loading service to make the specified software version available for installation on the device or causing the software loading service to prevent installation of the specified software version on the device.

While several embodiments have been provided in the present disclosure, it should be understood that the disclosed systems and methods may be embodied in many other specific forms without departing from the spirit or scope of the present disclosure. The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted, or not implemented.

Also, techniques, systems, subsystems and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown or discussed as coupled or directly coupled or communicating with each other may be indirectly coupled or communicating through some interface, device, or intermediate component, whether electrically, mechanically, or otherwise. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and could be made without departing from the spirit and scope disclosed herein.

What is claimed is:
 1. A method comprising: receiving, at a server computer from a software loading service of a software management entity, release information regarding a plurality of software versions for a target device, wherein the software loading service controls an installation of software; sending, from the server computer over a network to an administrative device of a software administrator, the release information to cause creation, at the administrative device, of a profile that specifies whether or not at least one software version of the plurality of software versions is allowed on the target device, wherein the creation of the profile comprises including, in the profile, a range of software versions of the plurality of software versions and conditions under which the software versions of the range of software versions included in the profile are to be applied to the target device, the conditions included in the profile comprising a roaming condition and a further condition selected from among a time condition and a location condition, wherein the roaming condition controls installation of a software version based on a roaming status of the target device, and wherein the range of software versions comprise different versions of a particular unit of software; receiving, at the server computer over the network from the administrative device, the profile comprising the range of software versions, the roaming condition, and the further condition, to enforce installation, on the target device, of one or more software versions of the range of software versions based on the conditions in the profile; and sending, from the server computer to the target device, information of the profile, the target device to act as a pass-through for the information of the profile and send the information of the profile to the software loading service, the software loading service to use the information of the profile for determining a software version of the range of software versions to be installed on the target device.
 2. The method of claim 1, comprising: receiving, at the target device from the software loading service, the particular unit of software according to the determined software version of the range of software versions to be installed on the target device.
 3. The method of claim 2, wherein the target device sends to the software loading service the information of the profile that includes device-specific policy information pertaining to the range of software versions that are specific for the target device.
 4. The method of claim 2, wherein the software loading service enforces the profile on the target device based on the roaming condition and the further condition.
 5. The method of claim 4, wherein the enforcement comprises at least one of: allowing installation of at least one software version on the target device; preventing installation of at least one software version on the target device; providing an alert on the target device that at least one software version is available for installation on the target device; or providing an alert on the target device that at least one software version is not available for installation on the target device.
 6. The method of claim 1, wherein the server computer belongs to an organization that is different from a provider associated with the software management entity.
 7. The method of claim 1, wherein the software administrator has no control or input regarding which software versions are made available by the software loading service in the release information, and wherein the creation of the profile at the administrative device selects the at least one software version allowed on the target device.
 8. The method of claim 1, wherein the server computer is separated from the administrative device by a firewall.
 9. The method of claim 1, wherein the conditions included in the profile further comprise a memory available condition that controls installation of a software version based on an amount of memory available on the target device.
 10. The method of claim 1, wherein including the range of software versions in the profile comprises adding, to the profile, information of a minimum release number of the particular unit of software and a maximum release number of the particular unit of software.
 11. A target device comprising: a processor; and a non-transitory storage medium storing instructions executable on the processor to: receive, at the target device from a server computer, a payload including information of a profile comprising a range of software versions of a plurality of software versions for the target device, the information of the profile further comprising conditions under which the software versions of the range of software versions are to be applied to the target device, the conditions comprising a roaming condition and a further condition for enforcement by a software loading service in installing a given software version of the range of software versions on the target device, wherein the roaming condition controls installation of a software version based on a roaming status of the target device, and wherein the range of software versions comprise different versions of a particular unit of software, wherein the profile from the server computer is created by an administrative device separate from the server computer based on release information regarding the plurality of software versions for the target device, the release information provided by the software loading service; send, from the target device acting as a pass-through to the software loading service, the information of the profile comprising the range of software versions and the conditions; receive, at the target device from the software loading service, software according to the given software version determined by the software loading service based on the conditions; and install, at the target device, the software according to the given software version.
 12. The target device of claim 11, wherein the server computer is separated from the administrative device by a firewall.
 13. The target device of claim 11, wherein the conditions further comprise a memory available condition that controls installation of a software version based on an amount of memory available on the target device.
 14. The target device of claim 11, wherein the range of software versions includes a minimum release number of the software and a maximum release number of the software.
 15. A non-transitory machine-readable storage medium comprising instructions that upon execution cause a server computer to: receive, at the server computer from a software loading service, release information regarding a plurality of software versions for a target device, wherein the software loading service controls an installation of software; transmit, from the server computer over a network to an administrative device of an organization different from a third party that controls the server computer, the release information; receive, at the server computer over the network from the administrative device, a profile that specifies whether at least one software version of the plurality of software versions is allowed on the target device or is prohibited on the target device, wherein the profile received by the server computer from the administrative device includes a range of software versions of the plurality of software versions and conditions under which the software versions of the range of software versions included in the profile are to be applied to the target device, the conditions included in the profile comprising a roaming condition and a further condition selected from among a time condition and a location condition, wherein the roaming condition controls installation of a software version based on a roaming status of the target device, and wherein the range of software versions comprise different versions of a particular unit of software; and transmit, from the server computer to the target device, information of the profile, the target device to act as a pass-through for the information of the profile and send the information of the profile to the software loading service, the software loading service to use the information of the profile for determining a software version of the range of software versions to be installed on the target device based on the conditions.
 16. The non-transitory machine-readable storage medium of claim 15, wherein the software loading service enforces the profile on the target device based on the roaming condition and the further condition.
 17. The non-transitory machine-readable storage medium of claim 15, wherein the instructions upon execution cause the server computer to receive a plurality of profiles for the target device; and perform a reconciliation procedure to determine which of the plurality of profiles is to be enforced on the target device.
 18. The non-transitory machine-readable storage medium of claim 15, wherein the instructions upon execution cause the server computer to: compare software installed on the target device to the software versions of the range of software versions; and in response to the comparing indicating that the software installed on the target device does not correspond to the software versions of the range of software versions in the profile, take an action to impair a functioning of the target device.
 19. The non-transitory machine-readable storage medium of claim 15, wherein the conditions included in the profile further comprise a memory available condition that controls installation of a software version based on an amount of memory available on the target device.
 20. The non-transitory machine-readable storage medium of claim 15, wherein the profile includes a minimum release number of the particular unit of software and a maximum release number of the particular unit of software.
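
The following is an added illustration, not part of the patent text or of any vendor's implementation. It sketches how a software loading service could evaluate a profile of the kind recited in claims 1, 9, 10 and 18: a minimum/maximum release range plus roaming, time and memory conditions, and a check of the installed release against that range. The field names, the dotted numeric release format, the "offer the highest release in range" rule and the sample data are all assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import time
from typing import Optional


def parse_release(release: str) -> tuple[int, ...]:
    """Turn '10.10.0' into (10, 10, 0) so releases compare numerically, not as text."""
    parts = release.strip().split(".")
    if not all(p.isdigit() for p in parts):
        # Fail closed: a release number we cannot parse is never treated as allowed.
        raise ValueError(f"malformed release number: {release!r}")
    return tuple(int(p) for p in parts)


@dataclass(frozen=True)
class Profile:                     # hypothetical layout of the administrator's profile
    unit: str                      # the particular unit of software
    min_release: str               # minimum release number (claim 10)
    max_release: str               # maximum release number (claim 10)
    allow_while_roaming: bool      # roaming condition (claim 1)
    window_start: time             # time condition (claim 1)
    window_end: time
    min_free_mb: int = 0           # memory available condition (claim 9)


@dataclass(frozen=True)
class DeviceState:                 # hypothetical state reported for the target device
    roaming: bool
    local_time: time
    free_mb: int


def in_range(release: str, profile: Profile) -> bool:
    low, high = parse_release(profile.min_release), parse_release(profile.max_release)
    return low <= parse_release(release) <= high


def conditions_met(profile: Profile, state: DeviceState) -> bool:
    if state.roaming and not profile.allow_while_roaming:
        return False
    if state.free_mb < profile.min_free_mb:
        return False
    start, end, now = profile.window_start, profile.window_end, state.local_time
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end      # window wraps past midnight


def select_version(releases: list[str], profile: Profile,
                   state: DeviceState) -> Optional[str]:
    """Release to offer for installation, or None if nothing may be installed now."""
    if not conditions_met(profile, state):
        return None
    allowed = [r for r in releases if in_range(r, profile)]
    return max(allowed, key=parse_release, default=None)   # assumed selection rule


def is_compliant(installed: str, profile: Profile) -> bool:
    """Claim 18 comparison: does the installed release fall inside the profile range?"""
    return in_range(installed, profile)


# Constructed sample data, not taken from the patent.
RELEASES = ["10.2.1", "10.3.0", "10.9.4", "10.10.0", "11.0.0"]
PROFILE = Profile("os", "10.3.0", "10.10.0", allow_while_roaming=False,
                  window_start=time(1, 0), window_end=time(5, 0), min_free_mb=500)
OVERNIGHT = Profile("os", "10.3.0", "10.10.0", allow_while_roaming=True,
                    window_start=time(22, 0), window_end=time(4, 0))

if __name__ == "__main__":
    home = DeviceState(roaming=False, local_time=time(2, 30), free_mb=2048)
    abroad = DeviceState(roaming=True, local_time=time(2, 30), free_mb=2048)
    print(select_version(RELEASES, PROFILE, home))
    print(select_version(RELEASES, PROFILE, abroad))
    print(is_compliant("11.0.0", PROFILE))
```

Comparing releases as integer tuples matters for enforcement: a plain string comparison would rank 10.9.4 above 10.10.0 and could place a release on the wrong side of the range boundary.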